04-25-2024 06:54 AM
Deployed a 3100 in chassis mode to the FMC a few days ago. All went to plan.
Determined we needed to change the IP so decided just to delete the device from FMC and re-provision it.
On the FTD via local-mgmt did an erase configuration. The device wiped fine and rebooted.
Went through the setup and set the new IP manager, registration key, NAT-ID etc.
Now the device will not register to the FMC. It continually times out at the secured connection point.
Pings etc all work fine.
How do I resolve this? Sounds like something is stuck in the FMC somewhere.
04-25-2024 07:34 AM
Please try to check the following log from expert mode on the FTD whilst you are trying to register it to the FMC; it should give you some indication of the reason why it is failing.
tail -f /var/log/messages | grep 'the FMC IP address'
04-25-2024 07:49 AM
How do you get into expert mode when the device is in Chassis mode? You can't go to FTD as that is not available.
04-25-2024 07:57 AM
It's finally deployed. Took over 20 attempts.
04-25-2024 08:55 AM - edited 04-25-2024 08:55 AM
My bad then, sorry, I didn't realize the FTD wasn't available yet, and glad to know it finally worked.
04-26-2024 12:13 AM
I think the registration process must be particularly sensitive to latency. Was experiencing somewhat high latency at the time, 20ms or thereabouts; the device was being provisioned remotely. I'll know for next time.
05-24-2024 03:10 AM
Hello, and thank you for posting this. I am glad you got your problem solved, but I could actually really use your help as I have a similar problem.
I am also running a 3100 chassis and already registered it in FMC, but unfortunately it was discovered later that the name was wrong. I haven't been able to find a way to change the name displayed on the chassis inside the FMC device list, and so I came to the conclusion that a re-register maneuver like you performed would be the best option.
Like you, I also don't have access to the FTD CLI after converting to multi-instance chassis, but I fail to see how I can run a registration command in the local-mgmt mode?
In your description it sounded to me like you simply erased the config, and then were able to immediately write a command in local-mgmt mode to re-enroll.
Is it the case that when you unenroll, the FTD becomes available again, or is it because you did a reimage as well afterwards, which then enabled you to re-enroll?
regards
- Roar
05-24-2024 04:03 AM
To re-register I did these steps:
Deleted it from FMC
connect local-mgmt
erase configuration
Once it reloaded I simply ran through the initial wizard again. I think you could even skip this bit, as the next step appears to wipe what you put in via the wizard or prior to running the registration commands, including hostnames etc.
Switch to the FTD
configure multi-instance network ipv4 x.x.x y.y.y.y x.x.x.x manager x.x.x.x DONTRESOLVE xxx xxx
I ensured new NATs
This prompted me that it was going to wipe the initial settings added via the wizard, and then it reloads.
Added it back into the FMC.
Once you switch to chassis mode you can't do anything locally of any significance on the 3100, from what I can tell and what TAC have told me. It won't let you save any changes and errors, saying changes should be made via the FMC.
I tried to set up AAA, for example, for the chassis and got nowhere. TAC confirmed this and other changes to the chassis are not supported, so I don't think you can do anything like set a hostname. The only thing I think you can do is change the password of the admin account locally and upload files and such. Everything has to be done via the FMC.
I don't think the documentation or the CLI help is particularly clear on any of this. Take the AAA on the CLI, for example: there are commands in there for TACACS but no reference to this in any documentation. I can only assume a lot of the core code is shared with other Cisco kit and simply doesn't work for this platform.
05-24-2024 04:24 AM
Thanks man! This was the good news I was hoping for! This really saves me a bunch of time! Goes to show I should use these forums more often.
07-03-2024 01:43 PM
I ran into a similar issue this week deploying a pair of 3120s with 2 instances. I got both chassis and 2 instances deployed, looking good and all, and went to set up HA, got the IPs between instances mixed up, found there is no way to change them once deployed, broke the HA and somehow deleted the instances from FMC. They still live ON the 3120 and are seen in FMC, but are no longer registered. I cannot find a way to re-register them, so I have to delete them, deploy the deletes, then reconfigure the instance.
This is not as bad as when a chassis is deleted. It cannot be re-added without a factory reset and reconfigure to multi-instance mode. I believe the registration key and natID are a one-time deal. I have found no way to reset them without doing a factory reset.